ncio 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +5 -4
- data/lib/ncio/http_client.rb +4 -4
- data/lib/ncio/support/option_parsing.rb +24 -6
- data/lib/ncio/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6a2052b10003c3a63395281ac33811900acf2f9a
|
4
|
+
data.tar.gz: 63c12430435b5780d06deb55ccedf58c8d0a8c44
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9c1f4d189022e00370658084a5b8f818d6d36e0fa4e8b7a597559d41e3d8ef17403f7c7925ab8b04c2cbc0daaf07f07da7526d372cbfc28974b97fe5ed101ec1
|
7
|
+
data.tar.gz: 20691eaf4dc7c983536a69ab4aaef28994be31e12f86cad8ecde2916c9381da1843fe8cadc92ee96d8aa6441d9d37a7966bfff885863c62960ac2e4b98068a1b
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -64,10 +64,11 @@ Install this tool on the same node running the node classification service:
|
|
64
64
|
|
65
65
|
## Usage
|
66
66
|
|
67
|
-
|
68
|
-
exists on the same node as
|
69
|
-
|
70
|
-
|
67
|
+
Ncio will attempt to use the host certificate from
|
68
|
+
`/etc/puppetlabs/puppet/ssl/certs/$FQDN.pem` if it exists on the same node as
|
69
|
+
the Node Classifier. If this certificate has sufficient access then no
|
70
|
+
configuration is necessary. The default options will work to backup and restore
|
71
|
+
node classification data.
|
71
72
|
|
72
73
|
sudo -H -u pe-puppet /opt/puppetlabs/puppet/bin/ncio backup > /var/tmp/backup.json
|
73
74
|
I, [2016-06-28T19:25:55.507684 #2992] INFO -- : Backup completed successfully!
|
data/lib/ncio/http_client.rb
CHANGED
@@ -27,8 +27,8 @@ module Ncio
|
|
27
27
|
host: Socket.gethostname,
|
28
28
|
port: 4433,
|
29
29
|
use_ssl: true,
|
30
|
-
cert: ssldir
|
31
|
-
key: ssldir
|
30
|
+
cert: "#{ssldir}/certs/#{Socket.gethostname}.pem",
|
31
|
+
key: "#{ssldir}/private_keys/#{Socket.gethostname}.pem",
|
32
32
|
cacert: ssldir + '/certs/ca.pem'
|
33
33
|
}.freeze
|
34
34
|
|
@@ -44,11 +44,11 @@ module Ncio
|
|
44
44
|
#
|
45
45
|
# @option opts [String] :cert The path to the PEM encoded client
|
46
46
|
# certificate. Defaults to
|
47
|
-
# `"/etc/puppetlabs/puppet/ssl/certs
|
47
|
+
# `"/etc/puppetlabs/puppet/ssl/certs/$FQDN.pem"`
|
48
48
|
#
|
49
49
|
# @option opts [String] :key The path to the PEM encoded RSA private key
|
50
50
|
# used for the SSL client connection. Defaults to
|
51
|
-
# `"/etc/puppetlabs/puppet/ssl/private_keys
|
51
|
+
# `"/etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem"`
|
52
52
|
#
|
53
53
|
# @option opts [String] :cacert The path to the PEM encoded CA certificate
|
54
54
|
# used to authenticate the service URL. Defaults to
|
@@ -59,6 +59,8 @@ module Ncio
|
|
59
59
|
def parse_global_options!(argv, env)
|
60
60
|
semver = Ncio::VERSION
|
61
61
|
host = Socket.gethostname
|
62
|
+
cert_default = self.cert_default
|
63
|
+
key_default = self.key_default
|
62
64
|
Ncio::Trollop.options(argv) do
|
63
65
|
stop_on_unknown
|
64
66
|
version "ncio #{semver} (c) 2016 Jeff McCune"
|
@@ -66,8 +68,8 @@ module Ncio
|
|
66
68
|
uri_dfl = env['NCIO_URI'] || "https://#{host}:4433/classifier-api/v1"
|
67
69
|
opt :uri, 'Node Classifier service uri '\
|
68
70
|
'{NCIO_URI}', default: uri_dfl
|
69
|
-
opt :cert, CERT_MSG, default: env['NCIO_CERT'] ||
|
70
|
-
opt :key, KEY_MSG, default: env['NCIO_KEY'] ||
|
71
|
+
opt :cert, CERT_MSG, default: env['NCIO_CERT'] || cert_default
|
72
|
+
opt :key, KEY_MSG, default: env['NCIO_KEY'] || key_default
|
71
73
|
opt :cacert, CACERT_MSG, default: env['NCIO_CACERT'] || CACERT_DEFAULT
|
72
74
|
log_msg = 'Log file to write to or keywords '\
|
73
75
|
'STDOUT, STDERR {NCIO_LOGTO}'
|
@@ -167,6 +169,22 @@ module Ncio
|
|
167
169
|
end
|
168
170
|
end
|
169
171
|
|
172
|
+
def self.pem_exists?(name)
|
173
|
+
File.exist?(SSLDIR + "/certs/#{name}.pem")
|
174
|
+
end
|
175
|
+
|
176
|
+
def certname
|
177
|
+
NAMES.find { |n| Ncio::Support::OptionParsing.pem_exists?(n) } || NAMES.last
|
178
|
+
end
|
179
|
+
|
180
|
+
def cert_default
|
181
|
+
SSLDIR + "/certs/#{certname}.pem"
|
182
|
+
end
|
183
|
+
|
184
|
+
def key_default
|
185
|
+
SSLDIR + "/private_keys/#{certname}.pem"
|
186
|
+
end
|
187
|
+
|
170
188
|
BANNER = <<-'EOBANNER'.freeze
|
171
189
|
usage: ncio [GLOBAL OPTIONS] SUBCOMMAND [ARGS]
|
172
190
|
Sub Commands:
|
@@ -190,15 +208,15 @@ Transformation:
|
|
190
208
|
Global options: (Note, command line arguments supersede ENV vars in {}'s)
|
191
209
|
EOBANNER
|
192
210
|
|
211
|
+
# Names used to look for the default client certificate
|
212
|
+
NAMES = ['pe-internal-orchestrator', Socket.gethostname.downcase]
|
213
|
+
|
193
214
|
SSLDIR = '/etc/puppetlabs/puppet/ssl'.freeze
|
215
|
+
|
194
216
|
CERT_MSG = 'White listed client SSL cert {NCIO_CERT} '\
|
195
217
|
'See: https://goo.gl/zCjncC'.freeze
|
196
|
-
CERT_DEFAULT = (SSLDIR + '/certs/'\
|
197
|
-
'pe-internal-orchestrator.pem').freeze
|
198
218
|
KEY_MSG = 'Client RSA key, must match certificate '\
|
199
219
|
'{NCIO_KEY}'.freeze
|
200
|
-
KEY_DEFAULT = (SSLDIR + '/private_keys/'\
|
201
|
-
'pe-internal-orchestrator.pem').freeze
|
202
220
|
CACERT_MSG = 'CA Cert to authenticate the service uri '\
|
203
221
|
'{NCIO_CACERT}'.freeze
|
204
222
|
CACERT_DEFAULT = (SSLDIR + '/certs/ca.pem').freeze
|
data/lib/ncio/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ncio
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeff McCune
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-11-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|